Re: [Doh] conflict between HTTP and DNS cache granularity
Patrick McManus <pmcmanus@mozilla.com> Mon, 19 March 2018 23:23 UTC
Return-Path: <pmcmanus@mozilla.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B33E312D95F for <doh@ietfa.amsl.com>; Mon, 19 Mar 2018 16:23:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.102
X-Spam-Level: **
X-Spam-Status: No, score=2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_SBL_CSS=3.335, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onoyHBEDSRy2 for <doh@ietfa.amsl.com>; Mon, 19 Mar 2018 16:23:51 -0700 (PDT)
Received: from linode64.ducksong.com (linode6only.ducksong.com [IPv6:2600:3c02::f03c:91ff:fe6e:e8da]) by ietfa.amsl.com (Postfix) with ESMTP id 5BD1F12D7F4 for <doh@ietf.org>; Mon, 19 Mar 2018 16:23:51 -0700 (PDT)
Received: from mail-ot0-f182.google.com (mail-ot0-f182.google.com [74.125.82.182]) by linode64.ducksong.com (Postfix) with ESMTPSA id A07573A04F for <doh@ietf.org>; Mon, 19 Mar 2018 19:23:50 -0400 (EDT)
Received: by mail-ot0-f182.google.com with SMTP id i28-v6so14522865otf.8 for <doh@ietf.org>; Mon, 19 Mar 2018 16:23:50 -0700 (PDT)
X-Gm-Message-State: AElRT7GqKbE0sGBI+kQrQTqxsv4JdRGe3YzxZiLq72cV298vHjymL380 ZNQaRpTSC7ZXA92EcFlR4ZIXKHF+L0r/J6M+C3o=
X-Google-Smtp-Source: AG47ELvm7paozMMtvSsFyfNG2vrx0Kd8D73nmLhMsXWIuBNzDPyh1Zqz/6A1GB06HJ9uuLpHbKySvi02MCBh0wSVJas=
X-Received: by 2002:a9d:285d:: with SMTP id h29-v6mr7645075otd.205.1521501830358; Mon, 19 Mar 2018 16:23:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.66.212 with HTTP; Mon, 19 Mar 2018 16:23:49 -0700 (PDT)
In-Reply-To: <f19857a4-0b55-9210-e4f5-7fb49ccda1de@nic.cz>
References: <f19857a4-0b55-9210-e4f5-7fb49ccda1de@nic.cz>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Mon, 19 Mar 2018 23:23:49 +0000
X-Gmail-Original-Message-ID: <CAOdDvNpkUQ6dWCeuaf0mogjd+yXRpKhxWvv0VYgrwredrwqU1Q@mail.gmail.com>
Message-ID: <CAOdDvNpkUQ6dWCeuaf0mogjd+yXRpKhxWvv0VYgrwredrwqU1Q@mail.gmail.com>
To: Petr Špaček <petr.spacek@nic.cz>
Cc: DoH WG <doh@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001faf3a0567cc4006"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/PDdTGVZSM97TyqJUDJlsLmGeXP4>
Subject: Re: [Doh] conflict between HTTP and DNS cache granularity
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2018 23:23:54 -0000
section 6 tries to deal with this.. On Mon, Mar 19, 2018 at 11:21 PM, Petr Špaček <petr.spacek@nic.cz> wrote: > Hello doh, > > section 7.1. Cache Interaction at the moment does not mention > difference between DNS and HTTP caching granularity. > > Observations: > - DNS answer might contain more than 1 RR type (CNAME + original QTYPE) > - DNS TTL is per-RRset but HTTP caching header is per request, which in > terms of DoH means per DNS message (which potentially combines multiple > RRsets) > > Thus the HTTP "TTL" has to be derived somehow, most likely using minimal > value from all RRsets present in the DNS message. > > Without this limit a bad things will happen when DNS message "partially" > expires, which is not handled by DoH protocol itself and will be > detected late in the process on the DoH client side. > > E.g. a browser receives cached DoH answer from a caching proxy. It > contains the same DNS message as before with following RRs and headers: > ; Age = 20 > www.example.com. 100 CNAME srv.example.net. > srv.example.net. 10 A 192.0.2.1 > > Now, the srv.example.net. A RR has TTL -10 seconds so its invalid and > client has to deal with it somehow. It is up to WG to decide whether > client should re-query for expired RRs by itself or if DoH server should > handle this by shortening TTLs so the client cannot encounter this > partial expiration ... > > Well, mixing DNS and HTTP semantics is fun. > > -- > Petr Špaček @ CZ.NIC > > _______________________________________________ > Doh mailing list > Doh@ietf.org > https://www.ietf.org/mailman/listinfo/doh >
- [Doh] conflict between HTTP and DNS cache granula… Petr Špaček
- Re: [Doh] conflict between HTTP and DNS cache gra… Patrick McManus
- Re: [Doh] conflict between HTTP and DNS cache gra… Stephane Bortzmeyer